New firmware for Netgear routers includes a data collection feature

A new firmware released for NightHawk R7000 Netgear routers includes a remote data collection feature, here’s how to turn off it.

In December, a researcher who used the online moniker AceW0rm released a proof-of-concept code exploit working against some NetGear routers because the vendor did not reply to his ethical disclosure occurred in in August.

Some versions of Netgear routers remained affected by a security flaw that could be exploited by hackers to gain root access on the device and remotely run code.

AceW0rm privately disclosed the flaw to Netgear in August but he did not receive any response from the company.

In a first time, security experts warned of serious security issues in two Netgear routers, the Netgear R7000 and R6400 routers but the situation was worst.

Netgear publicly admitted the vulnerability and informed its customer that it was aware of the issue affecting home routers belonging to Netgear’s Nighthawk line.

Loading video

Last week Netgear rolled out a firmware update only for its wireless router model NightHawk R7000, but experts discovered it included a remote data collection feature that collects router’s analytics data and sends it to the vendor.

Experts believe Netgear will release firmware updated with this feature also for other router models in upcoming days.

The last firmware issued by the company include a remote data collection feature that gathers the following information from the devices:

Total number of devices connected to the router
IP address
MAC addresses
Serial number
Router’s running status
Types of connections
LAN/WAN status
Wi-Fi bands and channels
Technical details about the use and functioning of the router and the WiFi network.

Netgear downplayed the issue declaring that the procedure in the new firmware is a routine diagnostic data.

“Technical data about the functioning and use of our routers and their WiFi network can help us to more quickly isolate and debug general technical issues, improve router features and functionality, and improve the performance and usability of our routers.” reads the advisory published by NetGear.”Such data may include information regarding the router’s running status, number of devices connected to the router, types of connections, LAN/WAN status, WiFi bands and channels, IP address, MAC address, serial number, and similar technical data about the use and functioning of the router, as well as its WiFi network.”

Of course, customers are concerned about this data collection, especially about IP address and MAC address being collected by the firm.

Users can disable this feature following the instructions published by Netgear:

Launch a web browser from a computer or mobile device that is connected to the network.
Enter http://www.routerlogin.net.
A login window opens.
Enter the router user name and password.
The user name is admin. The default password is password. The user name and password are case-sensitive.
The BASIC Home page displays.
Select ADVANCED > Administration > Router Update.
The Router Update page displays.
Scroll down to the Router Analytics Data Collection section.
To enable router analytics data collections, select the Enable radio button.
To disable router analytics data collections, select the Disable radio button.
To view the type of data that might be collected, click the router analytics data link.
Click the Apply button.
Your settings are saved.

Some experts are questioning how router data is stored by the company.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Netgear R7000 and R6400 routers, hacking)

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.